The current NY Times story
on Snowden is such garbage. Snowden was a systems administrator with
the keys to the kingdom. He had root access to servers and other
devices whereby he could enable, disable, bypass and gain access to
most anything stored on those devices. He was no master hacker or
elite for anything.

… He just happened to
take classes in hacking and other IT topics.

… If Booz had enabled
proper change and release management procedures as well as separation
/ segregation of duties per standard, foundational IT activities,
this would never have happened.

… what if I told you that right
now, by using VirtualBox, you can download a free Virtual
Machine featuring a full, free version of Windows XP? It’s
absolutely true – you can download Windows XP.

… You can use this system to not
only test out what your website looks like for people running older
versions of Internet Explorer (IE) on an older operating system, but
you can also use it to test applications on XP if you’re an
application developer, or to run older programs that only run on
Windows XP. The version of XP gives you a temporary
use license, but if you need to use it longer, you could
always reinstall it or activate it with a valid XP license you may
have already purchased but aren’t using on any of your computers
anymore.

… At the Virtual
Machine download page, you’ll need to choose the options to
download a Windows OS Virtual Machine, and choose which version of IE
you want to test.

For all my students. Automating
citations so I don't use my automated flunking machine...

When the time comes to write
a paper, one of the biggest pains can be citing your sources.

… First, you need to make sure you
are backing up what you are stating with proper
facts. Second, your professors need to make sure you aren’t
plagiarizing,
and backing up your claims with sources can go a long way towards
making this happen.

Thankfully, the Internet makes this
arduous part of the paper writing process a little easier. The
following websites streamline it a great deal. Of course, you are
still going to have to do a little work, but these websites will help
you learn how to cite sources in the quickest way possible.

Friday, July 05, 2013

France runs a vast
electronic surveillance operation, intercepting and stocking data
from citizens’ phone and internet activity, using similar methods
to the US National Security Agency’s Prism programme exposed by
Edward Snowden, Le Monde has reported.

Apparently when the FBI could not find
the person who sent the first anthrax letters, someone said, “Do
whatever it takes” and cost/benefit analysis was tossed out the
window. Is this why the Post Office is going bankrupt?

“Postal
Service Is Watching, Too: Outside of All Mail Is Recorded,” by Ron
Nixon: “Under the Mail Isolation Control and Tracking
program…Postal Service computers photograph the
exterior of every piece of paper mail that is processed in the United
States – about 160 billion pieces last year. It is not
known how long the government saves the images… The Mail Isolation
Control and Tracking program was created after the anthrax attacks in
late 2001 that killed five people, including two postal workers.
Highly secret, it seeped into public view last month when the F.B.I.
cited it in its investigation of ricin-laced letters sent to
President Obama and Mayor Michael R. Bloomberg. It enables the
Postal Service to retrace the path of mail at the request of law
enforcement… Law enforcement officials need warrants to open the
mail… In the past, mail covers were used when you had a reason to
suspect someone of a crime,” said Mark D. Rasch, who started a
computer crimes unit in the fraud section of the criminal division of
the Justice Department and worked on several fraud cases using mail
covers. “Now it seems to be, ‘Let’s record everyone’s mail
so in the future we might go back and see who you were communicating
with.’ Essentially you’ve added mail covers on millions of
Americans.”

Interesting. Not only use the
company's computers for private browsing but store personal data on
them as well. How difficult would it be to store your private stuff
on a thumb drive?

Larry Page of Davis LLP discusses a
case in which an employee was fired for cause for snooping/improper
accessing of a file:

In a recent
decision of the British Columbia Supreme Court, the Court upheld the
termination for cause of a help desk analyst in the IT department who
had been employed for over 20 years at Coast Capital Savings Credit
Union. (Steel v. Coast Capital Savings Credit Union, 2013 BCSC 527)

Employees at
Coast were permitted to have a personal folder in which they
would keep confidential business documents. Under the privacy policy
at Coast, the files in the personal folder could only be read or
edited by the employee who had the folder. Help desk employees were
allowed to access personal folders but could only do so to resolve a
technical problem and only if the employee who had the personal
folder first gave permission to the help desk to access the folder.

… In the state of Texas, a
19-year-old man named Justin Carter sits in prison, ruthlessly
stripped of his freedom for making an offensive joke. After a
Facebook friend with whom he played video games described him as
“crazy” and “messed up in the head,” Carter replied —
sarcastically, one imagines — “Oh yeah, I’m real messed up in
the head, I’m going to go shoot up a school full of kids and eat
their still, beating hearts.” He added “lol” and “jk” for
good measure. For this he was arrested by Austin police, charged
with making a “terroristic threat,” and thrown into prison. He
may languish there until the start of the next decade.

So the settlement was, “Fix it and
try not to do it again?” Wow, harsh!

Following a public
comment period, the Federal Trade Commission has approved a final
order settling charges that HTC America Inc. failed
to take reasonable steps to secure the software it developed for its
smartphones and tablet computers, introducing security flaws that
placed sensitive information about millions of consumers at risk.

The settlement
with HTC America, announced
by the FTC in February 2013, requires the company to develop and
release software patches to fix
vulnerabilities in millions of the company’s devices. The
company is also required to establish
a comprehensive security program designed to address security risks
during the development of HTC devices and to undergo
independent security assessments every other year for the next 20
years.

In addition, the
settlement prohibits HTC America from making any false or misleading
statements about the security and privacy of consumers’ data on HTC
devices. Violations of the consent order may be subject to civil
penalties of up to $16,000 per violation.

“We have today
written to Google to confirm our findings relating to the update of
the company’s privacy policy. In our letter we confirm that its
updated privacy policy raises serious questions about its compliance
with the UK Data Protection Act.

“In particular,
we believe that the updated policy does not provide sufficient
information to enable UK users of Google’s services to understand
how their data will be used across all of the company’s products.

“Google must now
amend their privacy policy to make it more informative for individual
service users. Failure to take the necessary action to improve the
policy's compliance with the Data Protection Act by 20 September will
leave the company open to the possibility of formal enforcement
action.”

While we have seen
a new wave of privacy class actions, the issues facing the federal
courts are the same: how to reconcile an inarticulable discomfort
with data methods asserted in privacy class actions with their
constitutional mandate to address only plaintiffs with standing: the
requirement that courts remedy only “concrete” and
“particularized” injuries.

This article
addresses how federal courts are dealing with notions of privacy harm
in the online tracking context. While courts have historically told
privacy plaintiffs to seek redress elsewhere—Congress, agencies,
the states—district judges have been increasingly
open to new notions of harm that allow them, rather than
other government bodies, to address the growing but amorphous
conception that something about the way their gadgets work does not
feel right. The U.S. Supreme Court’s recent decision in Clapper v.
Amnesty Int’l USA, which held that fear of injury in context of
government surveillance does not constitute a cognizable injury, may
cause those courts to reverse once again and dismiss such suits.

The publisher of the Walking Dead,
Saga, Witchblade, and the Savage Dragon announced on Tuesday that
it's closing the book on digital rights management. New books from
Image Comics are now available for digital
download from its online store without DRM.

Readers can purchase new books from
ImageComics.com in several
platform-agnostic formats: PDF, EPUB, CBR, and CBZ. Previous
publishing agreements haven't changed, so people who prefer to buy
from proprietary apps such as Comixology, Amazon, and Apple will
still be able to do so.

Ron Richards, Image Comics' marketing
honcho, told the comics news site ComicBookResources
that the DRM-free books would benefit comics creators
the most. "There's no cut for Comixology or Apple or
any other piece getting taken out," he said. "Ideally for
a creator, sales through the Image Web site gets them the most money
per sale."

For all my students: Being able to
touch type makes everything else easier...

I’ve found a Chrome typing extension
that makes the progression feel easier and more natural. It’s
called Type Fu.

… Type Fu has a feature called
auto-adjust difficulty level, which analyzes your performance
over the course of multiple type lessons and automatically graduates
you to the next level when you meet the criteria. These criteria are
based on words-per-minute and typing accuracy.

You can always view your progress with
speed charts, accuracy charts, as well as most typed keys and most
mistyped keys charts.

… I’m having a blast with Type Fu
and it’s the best free typing tutor that
I’ve encountered.

New Shakespeare discovered! For the
intellectual improvement of my students. I already have this one on
hold at my local library.

Why Vendini is allowing this to dribble
out instead of just being more upfront about the numbers involved
escapes me. But significantly, a number of their
clients were unpleasantly surprised to discover that their contracts
with Vendini did not require Vendini to make the patron notifications
and that it was on them to do so. [Surely someone read the contract
before signing? Bob] This serves as a useful reminder to
check your contracts to ensure that if a vendor or contractor has a
breach, they are responsible for notifying your customers or paying
for you to do so.

Update to the update: I’ll just
add other organizations as I come across them:

Gov. Jay Nixon
vetoed a workers’ compensation bill on Tuesday that he said would
have “invaded Missourians’ privacy, required creation of new
government database.”

The rhetoric came
in the midst of a battle between Nixon and a Republican-led
opposition critical of his administration’s Department of Revenue’s
former practice of scanning personal documents, where Republicans
accused Nixon of doing essentially the same thing.

The
bill, Senate Bill 34 which was sponsored by Sen. Mike
Cunningham, would have called on the government to
establish a database of all Missouri workers who have filed for
workers’ compensation claims for on the job injuries. The database
would have been accessible to Missouri employers.

VIENNA (Reuters) - Bolivia accused
Austria of an act of aggression by searching President Evo Morales'
plane on Wednesday and blamed Washington for its forced landing in
Vienna over suspicions that former U.S. spy agency contractor Edward
Snowden was on board.

Morales' plane was stranded at Vienna
airport for several hours after Portugal and France abruptly canceled
air permits for it to fly through their airspace, but eventually
resumed its flight home from an energy meeting in Moscow.

“The publication of classified
information related to National Security Agency (NSA) surveillance
activity is the latest in a series of leaks to the press that has
riveted Congress’s attention. Press reports describing classified
U.S. operations abroad have led to calls from Congress for an
investigation into the source of the leaks, and Attorney General
Holder appointed two special prosecutors to look into the matter.
The online publication of classified defense documents and diplomatic
cables by the organization WikiLeaks and subsequent reporting by the
New York Times and other news media had already focused attention on
whether such publication violates U.S. criminal law. The suspected
source of the WikiLeaks material, Army Private Bradley Manning, has
been charged with a number of offenses under the Uniform Code of
Military Justice (UCMJ), including aiding the enemy, while a grand
jury in Virginia is deciding whether to indict any civilians in
connection with the disclosure. A number of other cases involving
charges under the Espionage Act, including efforts to extradite
Edward Snowden in connection with the leak of NSA documents
pertaining to certain surveillance programs, demonstrate the Obama
Administration’s relatively hardline policy with respect to the
prosecution of persons suspected of leaking classified information to
the media. This report identifies some criminal statutes that may
apply to the publication of classified defense information, noting
that these have been used almost exclusively to prosecute individuals
with access to classified information (and a corresponding obligation
to protect it) who make it available to foreign agents, or to foreign
agents who obtain classified information unlawfully while present in
the United States.”

As long as we're talking about
surveillance... This expands on my “We can, therefore we must!”
meme.

“Recent revelations about the extent
of surveillance by the U.S. National Security Agency come as no
surprise to those with a technical background in the
workings of digital communications. The leaked documents show how
the NSA has taken advantage of the increased use of digital
communications and cloud services, coupled with outdated privacy
laws, to expand and streamline their surveillance programs. This
is a predictable response to the shrinking cost and growing
efficiency of surveillance brought about by new technology. The
extent to which technology has reduced the time and cost necessary to
conduct surveillance should play an important role in our national
discussion of this issue. The American public previously, maybe
unknowingly, relied on technical and financial barriers to protect
them from large-scale surveillance by the government. These implicit
protections have quickly eroded in recent years as technology
industry advances have reached intelligence agencies, and digital
communications technology has spread through society. As a result,
we now have to replace these “naturally occurring” boundaries and
refactor the law to protect our privacy. The ways in which we
interact have drastically changed over the past decade. The
majority of our communications are now delivered and stored by
third-party services and cloud providers. E-mail, documents,
phone calls, and chats all go through Internet companies such as
Google, Facebook, Skype, or wireless carriers like Verizon, AT&T,
or Sprint. And while distributed in nature, the physical
infrastructure underlying the World Wide Web relies on key
chokepoints which the government can, and is, monitoring. This makes
surveillance much easier because the NSA only needs to establish
relationships with a few critical companies to capture the majority
of the market they want to observe with few legal restrictions. The
NSA has the capability to observe hundreds of millions of people
communicating using these services with relatively little effort
and cost.”

Who expects the government to be
smarter on social media than they are on foreign policy?

State Department officials spent
$630,000 to get more Facebook "likes," prompting employees
to complain to a government watchdog that the bureau was "buying
fans" in social media, the agency's inspector general says.

… "Many in the bureau
criticize the advertising campaigns as 'buying fans' who may have
once clicked on an ad or 'liked' a photo but have no real interest in
the topic and have never engaged further," the inspector general
reported.

… Despite the surge in likes, the
IG said the effort failed to reach the bureau's target audience …
Only about 2 percent of fans actually engage with the pages by
liking, sharing or commenting.

“From Facebook to Google searches to
bookmarking a webpage in our browsers, today’s society has become
one with an enormous amount of data. Some internet-based companies
such as Yahoo! are even storing exabytes (10 to the 18 bytes) of
data. Like these companies and the rest of the world, scientific
communities are also generating large amounts of data—mostly
terabytes and in some cases near petabytes—from experiments,
observations, and numerical simulation. However, the scientific
community, along with defense enterprise, has been a leader in
generating and using large data sets for many years. The issue that
arises with this new type of large data is how to handle it—this
includes sharing the data, enabling data security, working with
different data formats and structures, dealing with the highly
distributed data sources, and more. Frontiers
in Massive Data Analysis presents the Committee on the
Analysis of Massive Data’s work to make sense of the current state
of data analysis for mining of massive sets of data, to identify gaps
in the current practice and to develop methods to fill these gaps.
The committee thus examines the frontiers of research that is
enabling the analysis of massive data which includes data
representation and methods for including humans in the data-analysis
loop. The report includes the committee’s recommendations, details
concerning types of data that build into massive data, and
information on the seven computational giants of massive data
analysis.”

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.